FROC2010 Abstract Zusman2

The Presentation: "What's Old Is New Again: An Overview of Mobile Application Security"

The ever-increasing prevalence of mobile devices brings with it a slew of security problems. Applications running directly on mobile devices (and web apps optimized for mobile clients) are ripe for the picking even by unsophisticated attackers. The attack classes that once applied to traditional network-facing, fat-client, and web applications are now valid for mobile apps as well. Insecure authentication and access control, home-grown crypto, and memory management problems are just some of the issues resurfacing on this new frontier. This presentation will discuss the security of some of the most popular applications running on mainstream mobile platforms such as Android, iPhone, BlackBerry, and Windows Mobile.

The Speakers

Zach Lanier

Zach is a Senior Consultant with the Intrepidus Group, specializing in
network and web application penetration testing. He has performed
security assessments for numerous clients, including Fortune 500
companies and higher education institutions. Prior to joining Intrepidus
Group’s professional services team, Zach served as Senior Network
Security Analyst at Harvard Business School, and Security Assessment
Practice Manager at Rapid7. Zach has also presented at the MIS Training
Institute's InfoSec World, IT Security World, and
FinSec conferences, as well as Boston-area security professionals'
groups, on topics such as open source security tools, security in
virtualized environments, and vulnerability disclosure.

Mike Zusman

Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior
to joining Intrepidus Group, Mike held the positions of Escalation
Engineer at Whale Communications (a Microsoft subsidiary), Security
Program Manager at Automatic Data Processing, and lead architect and
developer at a number of smaller firms. In addition to his corporate
experience, Mike is an independent security researcher, and has
responsibly disclosed a number of critical vulnerabilities to commercial
software vendors. He has spoken at a number of top industry events
including CanSecWest, Defcon, Black Hat and regional OWASP events. Mike
also speaks and teaches about information security at NYU/Polytechnic
University. Mike brings 11 years of security, technology, and business
experience to Intrepidus Group. He is a CISSP and an active member of
the OWASP Foundation.